Server Security - DDoS attacks

[lpxxfaintxx]

How would you protect your server from DDoS attacks? I am new at these kind of stuff and I am curious..

[Tyler]

I'm no expert at managing servers though I do have some prior hacking/linux type based experience in the good ol' days. If memory serves me correctly, and if things haven't changes all that much... I believe there is not much you can do to stop these types of attacks. If someone really wants to do it then they will. You can only really try and stop the effects of the attacks.

[lpxxfaintxx]

Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.

- Don't make enemies.
- Don't promote immoral, unethical, sectarian, political, inhumane, anti-intellectual property products or services.

The list can continue, even to things you assume are good. Just don't piss off the wrong nerd.

A way to beat them to it if you know who is against your organization is to research the person and take control of their botnet before they tell it to kill your server.

Or the aftermath approach, take the server down, analyze all your logs and determine which sequences were of a DDoS style and ban all those IP's when you associate your server to a new IP/and/or hosting service.

[Tyler]

Quote:

Originally Posted by lpxxfaintxx

Oh, well I've heard of custom programs and firewalls. Like aplus.net and other dedicated server providers.

Yeah, you can go the firewall route, and it does help to a degree if properly configured. But again, if they really want to they will.

[lpxxfaintxx]

Oh, thanks for the replies.

Quote:

Don't make enemies.

Some people attack just for fun

[Jason425]

Get a beefy server!

The advise about banning ddos IPs is probably the best if you already have a good firewall.

a firewall isn't going to help against a DDOS. if packets are getting through to your pipe, even if you are denying them, you're pipe is going to be getting filled with data and become useless. Further, your firewall hardware may become overburdened by the size, number of packets coming on over the network can kill it. With a DOS attack, yo ucan generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario

[Jason425]

and especially if they're overseas in a 3rd world country

Quote:

Originally Posted by James

With a DOS attack, you can generally call the ISP of the source and get them cut off. This becomes infinitely more difficult in the distributed scenario

I don't see how you could do this in realtime, unless it was only a single attacker. If a DDoS hit you it would take a long time to analyze the logs and determine what sequence the attack was working on.

Even if you were adept, determining that sequence may be faster, but you'd still have to find the sources of the IP's and call the ISP's who own the IP blocks. These calls may take tens of minutes or longer on hold and whatnot. The entire time your firewall's buffer and your bandwidth is reaching critical mass.

Quote:

Originally Posted by Jason425

and especially if they're overseas in a 3rd world country

are you saying that ISP's overseas are less responsible for malicious activities of their clients?